I say that they shouldn’t have any sensitive information at all. And their claim that it was testing data that leaked shows that they do have that sensitive information. It just hasn’t leaked yet. At least if we believe in what the company says.

I do understand,

No, you don’t.

You didn’t understand what I am saying.

You are surprised

I’m not surprised. I am accustomed to the shit around.

How would recurring bills be paid if the info isn’t stored?

Just go to the bank (or open your bank application on the phone) and pay.

The customer can notify ID during payment.

Billing? ID -> balance. “Very” important data for hackers. They had more? Like card numbers, names, addresses, etc? That’s a bad practice for VPN providers.

So for selling it to aggregators? That’s bad practice for a VPN-providing company.

You don’t have any “test data” if you don’t have any “real data”. Why would you?

Why would *VPN even have ANY data worth taking through breaching?

Are carrots allowed?

Because they are more clever than you.

No, it shouldn’t. The same way as factory machines don’t pay it.

That would be a waste of a perfectly good bullet. A club will suffice.